Secure Your APIs and Reduce Your Attack Surface With Modern, AI-powered API Security in Qualys Web Application Scanning (WAS)

The rise of APIs presents both opportunities and challenges in today’s hyperconnected digital world. APIs are integral to digital transformation initiatives across industries. The latest data indicates that over 83% of web traffic now comprises API traffic, highlighting their critical role in...

NGWAF - First Iteration Of ML Based Feedback WAF

The Motivation | What is the N3XT ST3P? With the explosive growth of web applications since the early 2000s, web-based attacks have progressively become more rampant. One common solution is the Web Application Firewall WAF. However, tweaking rules of current WAFs to improve the detection mechanis...

Bots Hide Behind User Privacy – Should You Be Concerned?

Bot operators are perpetually devising innovative techniques to sneak past security as they go about their dubious, often downright illegal business. Emulating human behavior and traffic patterns are key elements of their strategy. One of the many layers comprising this strategy is reporting thei...

ALERT: North Korean hackers targeting South Korea with RokRat Trojan

A North Korean hacking group has been found deploying the RokRat Trojan in a new spear-phishing campaign targeting the South Korean government. Attributing the attack to APT37 aka Starcruft, Ricochet Chollima, or Reaper, Malwarebytes said it identified a malicious document last December that, whe...

Tools to address OWASP Top 10 Risks

In a recent article published by Security Boulevard. we talked about OWASP Top 10 Risk classification and overlap. In this post, we will look into the tools that may help address these risks. To understand what’s possible to cover with which protection mechanisms we can now color-code our OWASP...

sigma - Generic Signature Format for SIEM Systems

Generic Signature Format for SIEM Systems. What is Sigma? Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this...

Generic Signature Format for SIEM Systems: Sigma

Sigma is a generic and open signature format that allows you to describe relevant log events in a straight forward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers ...

FIN7 Group Uses JavaScript and Stealer DLL Variant in New Attacks

This post was authored by Michael Gorelik and Josh ReynoldsExecutive SummaryThroughout this blog post we will be detailing a newly discovered RTF document family that is being leveraged by the FIN7 group also known as the Carbanak gang which is a financially-motivated group targeting the financia...

SANS Institute: Hackers Paint a Bullseye on Your Employees and Endpoints

End users and their devices are right smack in the center of the battle between enterprise InfoSec teams and malicious hackers, and it’s not hard to see why. When compromised, connected endpoints — desktops, laptops, smartphones, tablets — offer intruders major entry points into corporate network...

Cisco Firepower Management Center Malware Bypass Vulnerability

A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be...